mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 11:55:49 +00:00
Bug 1476570 - allow proxy to work on restricted domains, r=aswan
Proxies must work with all requests, however the new onRequest proxy api has maching logic using ChannelWrapper which uses WebExtensionPolicy which checks against restricted domains. We need to bypass that check when matching for proxy requests. MozReview-Commit-ID: 5zCdmV1b9M7 --HG-- extra : rebase_source : 4bc0f2735a8c2cc4f42934877783dbc68f6067ab
This commit is contained in:
parent
1eb1b2a3d2
commit
d99b32ea60
@ -67,10 +67,10 @@ public:
|
|||||||
void UnregisterContentScript(const WebExtensionContentScript& script,
|
void UnregisterContentScript(const WebExtensionContentScript& script,
|
||||||
ErrorResult& aRv);
|
ErrorResult& aRv);
|
||||||
|
|
||||||
bool CanAccessURI(const URLInfo& aURI, bool aExplicit = false) const
|
bool CanAccessURI(const URLInfo& aURI, bool aExplicit = false, bool aCheckRestricted = true) const
|
||||||
{
|
{
|
||||||
return (!IsRestrictedURI(aURI) &&
|
return (!aCheckRestricted || !IsRestrictedURI(aURI)) &&
|
||||||
mHostPermissions && mHostPermissions->Matches(aURI, aExplicit));
|
mHostPermissions && mHostPermissions->Matches(aURI, aExplicit);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool IsPathWebAccessible(const nsAString& aPath) const
|
bool IsPathWebAccessible(const nsAString& aPath) const
|
||||||
|
@ -8,10 +8,10 @@ XPCOMUtils.defineLazyServiceGetter(this, "gProxyService",
|
|||||||
|
|
||||||
const TRANSPARENT_PROXY_RESOLVES_HOST = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
|
const TRANSPARENT_PROXY_RESOLVES_HOST = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
|
||||||
|
|
||||||
function getProxyInfo() {
|
function getProxyInfo(url = "http://www.mozilla.org/") {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
let channel = NetUtil.newChannel({
|
let channel = NetUtil.newChannel({
|
||||||
uri: "http://www.mozilla.org/",
|
uri: url,
|
||||||
loadUsingSystemPrincipal: true,
|
loadUsingSystemPrincipal: true,
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -176,13 +176,14 @@ async function getExtension(expectedProxyInfo) {
|
|||||||
|
|
||||||
add_task(async function test_passthrough() {
|
add_task(async function test_passthrough() {
|
||||||
let ext1 = await getExtension(null);
|
let ext1 = await getExtension(null);
|
||||||
let ext2 = await getExtension({host: "1.2.3.4", port: 8888, type: "http"});
|
let ext2 = await getExtension({host: "1.2.3.4", port: 8888, type: "https"});
|
||||||
|
|
||||||
let proxyInfo = await getProxyInfo();
|
// Also use a restricted url to test the ability to proxy those.
|
||||||
|
let proxyInfo = await getProxyInfo("https://addons.mozilla.org/");
|
||||||
|
|
||||||
equal(proxyInfo.host, "1.2.3.4", `second extension won`);
|
equal(proxyInfo.host, "1.2.3.4", `second extension won`);
|
||||||
equal(proxyInfo.port, "8888", `second extension won`);
|
equal(proxyInfo.port, "8888", `second extension won`);
|
||||||
equal(proxyInfo.type, "http", `second extension won`);
|
equal(proxyInfo.type, "https", `second extension won`);
|
||||||
|
|
||||||
await ext2.unload();
|
await ext2.unload();
|
||||||
|
|
||||||
|
@ -521,13 +521,14 @@ ChannelWrapper::Matches(const dom::MozRequestFilter& aFilter,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (aExtension) {
|
if (aExtension) {
|
||||||
if (!aExtension->CanAccessURI(urlInfo)) {
|
bool isProxy = aOptions.mIsProxy && aExtension->HasPermission(nsGkAtoms::proxy);
|
||||||
|
// Proxies are allowed access to all urls, including restricted urls.
|
||||||
|
if (!aExtension->CanAccessURI(urlInfo, false, !isProxy)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If this isn't the proxy phase of the request, check that the extension
|
// If this isn't the proxy phase of the request, check that the extension
|
||||||
// has origin permissions for origin that originated the request.
|
// has origin permissions for origin that originated the request.
|
||||||
bool isProxy = aOptions.mIsProxy && aExtension->HasPermission(nsGkAtoms::proxy);
|
|
||||||
if (!isProxy) {
|
if (!isProxy) {
|
||||||
if (IsSystemLoad()) {
|
if (IsSystemLoad()) {
|
||||||
return false;
|
return false;
|
||||||
|
Loading…
Reference in New Issue
Block a user